...
Field | Description |
---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in the format HH:MM:SS |
SYSTEM | The source system. For supported AWS log types where source system information is not applicable or not available, the value is AWS Internal. All unsupported types are classified as UNKNOWN |
TABLE | For supported types: `AWS<ServiceName>Log` (for example, a CloudTrail event lands in the CloudTrail table). All unsupported types are classified as AWSGenericLog |
COLLECTIONDATETIME | Snare Central’s local date and time of the actual log collection from the AWS Kinesis Data Stream, in RFC3339Nano format |
CWLDATETIME | The timestamp assigned by AWS CloudWatch Logs when it received the event from the originating AWS service, in RFC3339Nano format |
DATETIME | The timestamp carried by the event log itself, in RFC3339Nano format |
SNAREDATAMAP | Any field of the log that is not mapped to one of the columns above is placed in SNAREDATAMAP |
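The mapping in the table above, worked through on one CloudWatch Logs subscription record as it arrives from a Kinesis Data Stream (gzip-compressed JSON with a `messageType`, `logGroup` and a `logEvents` array). This is an added illustration, not Snare Central's code: the rule that a JSON message carrying `eventTime` and `eventSource` is the "supported" CloudTrail type, the derivation of SYSTEM from `sourceIPAddress` (AWS Internal when the caller is an AWS service endpoint), and the fallback of DATETIME to the CloudWatch timestamp for unsupported types are all assumptions for the example, as is the sample data. It also handles the `CONTROL_MESSAGE` records CloudWatch sends to test the destination, which carry no log events and must not be turned into rows.

```python
"""Map a CloudWatch Logs subscription record (Kinesis delivery) onto the Snare
fields DATE, TIME, SYSTEM, TABLE, COLLECTIONDATETIME, CWLDATETIME, DATETIME and
SNAREDATAMAP. Added example; the type detection and SYSTEM rule are assumptions."""
import gzip
import json
from datetime import datetime, timezone


def rfc3339nano(dt: datetime) -> str:
    # Python keeps microseconds; pad to the nine fractional digits of RFC3339Nano.
    dt = dt.astimezone(timezone.utc)
    return dt.strftime("%Y-%m-%dT%H:%M:%S.") + f"{dt.microsecond * 1000:09d}Z"


def ms_to_dt(ms: int) -> datetime:
    # CloudWatch log event timestamps are milliseconds since the Unix epoch.
    return datetime.fromtimestamp(ms // 1000, tz=timezone.utc).replace(microsecond=(ms % 1000) * 1000)


def iso_to_dt(s: str) -> datetime:
    # CloudTrail eventTime looks like 2024-03-01T12:00:00Z; fromisoformat needs +00:00.
    return datetime.fromisoformat(s.replace("Z", "+00:00"))


def parse_kinesis_record(data: bytes, collected_at: datetime) -> list:
    """Decompress one Kinesis record and return one dict of Snare fields per log event.
    CONTROL_MESSAGE records (destination health checks) yield no rows."""
    payload = json.loads(gzip.decompress(data))
    if payload.get("messageType") != "DATA_MESSAGE":
        return []
    rows = []
    for ev in payload["logEvents"]:
        cwl_dt = ms_to_dt(ev["timestamp"])
        try:
            body = json.loads(ev["message"])
        except ValueError:
            body = None
        if isinstance(body, dict) and {"eventTime", "eventSource"}.issubset(body):
            # Assumed supported type: CloudTrail -> AWSCloudTrailLog.
            event_dt = iso_to_dt(body["eventTime"])
            table = "AWSCloudTrailLog"
            src = body.get("sourceIPAddress", "")
            # Assumption: an AWS service endpoint as caller means no real source system.
            system = "AWS Internal" if not src or src.endswith(".amazonaws.com") else src
            # Everything not mapped to a column above goes to SNAREDATAMAP.
            datamap = {k: v for k, v in body.items() if k not in ("eventTime", "sourceIPAddress")}
        else:
            # Unsupported type: generic table, unknown system, CloudWatch time as DATETIME (assumption).
            event_dt, table, system = cwl_dt, "AWSGenericLog", "UNKNOWN"
            datamap = {"message": ev["message"]}
        rows.append({
            "DATE": event_dt.strftime("%Y-%m-%d"),
            "TIME": event_dt.strftime("%H:%M:%S"),
            "SYSTEM": system,
            "TABLE": table,
            "COLLECTIONDATETIME": rfc3339nano(collected_at),
            "CWLDATETIME": rfc3339nano(cwl_dt),
            "DATETIME": rfc3339nano(event_dt),
            "SNAREDATAMAP": datamap,
        })
    return rows


# Constructed sample input: one CloudTrail event and one plain-text line in a single record.
SAMPLE_CLOUDTRAIL = {
    "eventVersion": "1.08",
    "eventTime": "2024-03-01T12:00:00Z",
    "eventSource": "iam.amazonaws.com",
    "eventName": "CreateAccessKey",
    "sourceIPAddress": "203.0.113.10",
    "userIdentity": {"type": "IAMUser", "userName": "alice"},
}
SAMPLE_RECORD = {
    "messageType": "DATA_MESSAGE",
    "owner": "123456789012",
    "logGroup": "CloudTrail/example",
    "logStream": "123456789012_CloudTrail_us-east-1",
    "subscriptionFilters": ["to-kinesis"],
    "logEvents": [
        {"id": "1", "timestamp": 1709294400123, "message": json.dumps(SAMPLE_CLOUDTRAIL)},
        {"id": "2", "timestamp": 1709294400456, "message": "plain text line from an unsupported source"},
    ],
}
CONTROL_RECORD = {
    "messageType": "CONTROL_MESSAGE",
    "owner": "CloudwatchLogs",
    "logGroup": "", "logStream": "", "subscriptionFilters": [],
    "logEvents": [{"id": "", "timestamp": 1709294400000,
                   "message": "CWL CONTROL MESSAGE: Checking health of destination Kinesis stream."}],
}


def encode_record(record: dict) -> bytes:
    """Produce the compressed bytes a Kinesis consumer reads from Record['Data'] (constructed)."""
    return gzip.compress(json.dumps(record).encode())


def demo() -> list:
    collected = datetime(2024, 3, 1, 12, 0, 5, 250000, tzinfo=timezone.utc)
    return parse_kinesis_record(encode_record(SAMPLE_RECORD), collected)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
    print(parse_kinesis_record(encode_record(CONTROL_RECORD), datetime.now(timezone.utc)))
```

Note the three distinct timestamps per row: DATETIME comes from the event body, CWLDATETIME from the CloudWatch `timestamp` field, and COLLECTIONDATETIME is the collector's own clock; when investigating delivery lag or clock skew, compare all three rather than trusting any one of them.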
...
Notes
https://docs.aws.amazon.com/whitepapers/latest/aws-overview/introduction.html
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/WhatIsCloudWatchLogs.html
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Subscriptions.html
https://docs.aws.amazon.com/streams/latest/dev/introduction.html